Alberto Valverde wrote:
> Gustavo Narea wrote:
>> Hello,
>> Authorization-related messages are no longer flashed in TG2 trunk. Could 
>> this 
>> be related to the modifications to the flash() function lately?
> That's most probable since the flash payload is now passed in a cookie 
> and this cookie is lost somewhere in the middleware stack if the 
> response's status is a 401. This doesn't affect only flash but can 
> potentially affect any application using cookies. I've just comited a 
> FIXME test to prove it:
> My guess is that repoze.who's RedirectFormPlugin is not copying the 
> cookies from the 401 response when traps it and redirects to the login 
> handler but I need to confirm it. Will try to that tomorrow.

Confirmed. The following patch makes the test pass so it will probably 
fix the flash issue:

Index: repoze/who/plugins/
--- repoze/who/plugins/    (revision 3293)
+++ repoze/who/plugins/    (working copy)
@@ -190,7 +190,8 @@
         url_parts[4] = urllib.urlencode(query_elements, doseq=True)
         login_form_url = urlparse.urlunparse(url_parts)
         headers = [ ('Location', login_form_url) ]
-        headers = headers + forget_headers
+        cookies = [(h,v) for (h,v) in app_headers if h.lower() == 
+        headers = headers + forget_headers + cookies
         return HTTPFound(headers=headers)

It's late here, I'll send a proper patch tomorrow to the repoze people 
tomorrow with a test case hopefully.


P.S: Cc'ing them in case a kind soul wants to beat me to it while I'm 
asleep :)
Repoze-dev mailing list

Reply via email to